[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-new-framework-detects-rogue-ai-agents-without-graph-maps":10,"sections":40},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":30,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},4492,"new-framework-detects-rogue-ai-agents-without-graph-maps","New Framework Detects Rogue AI Agents Without Graph Maps","AcMAS reads agents' internal activation states to catch stealthy attacks, gaining +0.22 F1 in sync and +0.55 F1 in async settings over graph-based tools.","A research framework called AcMAS can spot compromised agents in multi-agent AI systems by reading their internal reasoning states — no interaction map required.\n\nMost current defenses for multi-agent systems assume two things: that malicious instructions are semantically obvious, and that the system's agent relationships can be modeled as an explicit graph. Neither assumption holds well in practice. Attacks are getting harder to read, and real deployments run asynchronously — agents act without the tidy temporal alignment those graph models need. AcMAS sidesteps both assumptions by watching activation patterns inside each agent's neural layers, detecting anomalies before they propagate. In synchronous settings it scored 0.94 F1 versus 0.72 for graph-based baselines, a +0.22 gap; in asynchronous settings — where existing tools fall apart — it hit 0.93 against 0.38, a +0.55 gap.\n\nThe asynchronous result is the more important one. Async execution is how production multi-agent pipelines actually run, and a drop from 0.93 to 0.38 for graph-based methods is essentially a coin flip dressed up as a security tool. AcMAS also avoids the blunt-force fix of isolating a compromised agent entirely; it uses the same activation signals to attempt functional recovery instead.\n\nThe framework generalizes across several open-source LLM backbones and scales to larger agent networks, which matters — but peer-reviewed deployment results in real pipelines would matter more than benchmark F1 scores alone.","[\"ai\",\"security\",\"multi-agent systems\",\"llm\"]","2026-07-09T04:00:00.000Z","2026-07-09T05:32:52.120Z","2026-07-09T05:32:54.931Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The asynchronous F1 gap is reported as +0.55 in both the article and the source, but the synchronous gap is +0.22 in the source and is misreported as implicitly equivalent or omitted — the article states '+0.55 gap' as if it applies broadly when the source clearly shows two distinct gaps (+0.22 sync, +0.55 async); correct the numerical framing to report both gaps accurately and attribute each to its setting.","resolved","ai",[30,32,33,34],"security","multi-agent systems","llm",[36],{"name":37,"url":38},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2607.06807",0,{"sections":41},[42,46,50,55,60,65,70,75,80,85,89,93,98,103],{"name":43,"slug":30,"count":44,"latest_published_at":45},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":47,"slug":32,"count":48,"latest_published_at":49},"Security",294,"2026-07-15T19:59:48.000Z",{"name":51,"slug":52,"count":53,"latest_published_at":54},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":56,"slug":57,"count":58,"latest_published_at":59},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":79},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":81,"slug":82,"count":83,"latest_published_at":84},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":86,"slug":87,"count":88,"latest_published_at":18},"Gaming","gaming",41,{"name":90,"slug":91,"count":88,"latest_published_at":92},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":104,"slug":105,"count":106,"latest_published_at":107},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]